Closed Bug 139676 Opened 22 years ago Closed 22 years ago

does not open file location in a href=file

Categories

(Core :: Networking: File, defect)

Product:
Core
Component:
Networking: File
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: nhiebaum, Assigned: dougt)

Details

(Keywords: testcase) 

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0rc1) Gecko/20020417
BuildID:    2002041711

If "file" is used instead of "http" in the a href tag, Mozilla does not open the
specified html-file (IE and NS do).

Reproducible: Always
Steps to Reproduce:
1.html-file with a href tag pointing to file://j:/somewhere/xx.html
2.reload page
3.click on the link - nothing happens
WFM with Mozilla/5.0 (Windows; U; Win98; de-AT; rv:1.0rc1) Gecko/20020417.

Reporter, can you create 2 short test-files as att.:
- Filewithnotworkinglink.html
- Filewherelinkedto.html
The given example "file://j:/somewhere/xx.html" is incorrect in two ways:

1. There should be three slashes after "file:" (see RFC 1738)

2. There should be a vertical bar after the drive letter (don't know where
   this is specified)

Hence: "file:///j|/somewhere/xx.html" should, and does, work.

Is the link to a file:// url in a web page or in a local file?  Because web
pages cannot link to local files for security reasons.
"Because web pages cannot link to local files for security reasons."

Do you mean Mozilla cannont perform those links? Because other browsers can. If
it is just Mozilla, perhaps there should be pref for this. I tried, months ago,
to make a sidebar panel that would link to the harddrive, so one could play
locally stored music or movies in the sidebar. This feature or bug precludes that.
> Do you mean Mozilla cannont perform those links?

It can, but does not by default.

> perhaps there should be pref for this.

There is:

user_pref("security.checkloaduri", false);

Keep in mind that this opens you up to all sorts of cute security attacks.

> I tried, months ago, to make a sidebar panel that would link to the harddrive

You could just make it a chrome sidebar... That means the user has to actually
approve its installation, but it gets installed locally and has the same
permissions as the rest of the browser UI (this includes the permission to load
local files regardless of the value of the checkloaduri pref).


INVALID as the URL misses a /
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
VERIFIED: (RC1 review)
there should be what I've labled "drive promotion", where the extra slash is added.
It might not work in links, but would work in location/URL.

I'll look at that and update the documentation and testcases.
Status: RESOLVED → VERIFIED
Keywords: testcase
Security is not insured at all because all the user need to is copy the link
location and paste it into the address bar in order to "go to" the link.
Yeah, if the user does that, they can get screwed.  They can get screwed in lots
of other ways by doing things too.  The idea is to prevent an onload handler
setting document.location to that url, for instance...
You need to log in before you can comment on or make changes to this bug.